Agencies
Services
Category:
Security
Description
System Security Assessment Services provides customers with information regarding security threats and vulnerabilities that may exist in their environment
All information provided, discovered or reported by either party remains the property of the customer and is considered confidential and protected. Terms of the engagement do not include assumption of liability by DoIT. No warranties expressed or implied apply to such security assessments. New vulnerabilities and exploits are discovered on an on-going basis. Assessments are a "snap-shot" of the environment and limited to the vulnerabilities tested and identified. Security assessments are conducted as preventative due diligence and best practice. A list of hardware and software to be tested, along with an explanation of the testing, its scope and limitations, will be provided to establish and verify what will be included in the final report. An agreed-upon scope of work statement will be provided. Modifications to the initial agreement will follow standard change management practices. A final confidential report outlining findings, level of risk and suggested follow-up actions will be provided to the customer.
Product Features
- Internal Assessments: An evaluation of network security from an internal perspective. DoIT will perform a vulnerability assessment of customer systems and networks including servers and routers. DoIT will generally try to find ways of minimizing security risks and avoid potential security breaches within the network
- External Assessments: An evaluation of network security from an external perspective. DoIT will perform a vulnerability assessment of customer systems and networks including web sites, servers, firewalls, switches and routers from the outside world
- Wireless Access Point Assessment: An evaluation of the customer's wireless access network. DoIT will perform a wireless assessment to detect the presence of wireless devices and verify that wireless devices meet the customer's wireless security policies and standards
- Remediation Recommendations: Based upon the results of the assessment, recommendations will be made around certain areas when addressing vulnerabilities
Additional specialized testing of DoIT hosted systems can be arranged if required by regulation or mandate
Standard
Vulnerability Assessments
Non-Standard
Rates and Billing
| Item | Unit of Measure | Rate - Applicable to Non-DoIT Entities |
|---|---|---|
| Internal Assessment | Per Assessment | $ 100.00 |
| External Assessment | Per Assessment | $ 100.00 |
| Wireless Access Scan | Per Assessment | $ 100.00 |
Ordering and Provisioning
Service can be procured, modified or cancelled by selecting the "Order Services" button near the top of the right pane.
DoIT Responsibilities
- Network Vulnerability testing
- Application Vulnerability testing
- Penetration testing
- Coordinate a preliminary meeting to define the scope of the project
- Recommend additional tests that might be recommended to provide a comprehensive review
Agency Responsibilities
- Sign an agreement to allow the scan. A signed, final agreement will be required in order to initiate system security assessment services
- Provide necessary data for the scan
- Agree to the terms of service for the assessment
- Provide necessary documentation and inventory information. The scope and duration of the engagement are reduced if up-to-date information is readily available during the information gathering phase
Service Levels and Metrics
Service Fulfillment/Provisioning
Staff will respond to service requests during the published business hours.